- CVE-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the 'user:password@host' form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

- CVE-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
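
The sanitisation whose absence CVE-2003-0459 describes, as an added example that is not taken from Konqueror or the KDE advisories: a client strips the 'user:password@' part (and the fragment) from the page URL before using it as a Referer value. The function name `buildReferer` and all sample URLs are constructed for illustration; the HTTPS-to-HTTP suppression goes beyond the CVE text and follows the general HTTP rule for Referer.

```javascript
// Added example: build a Referer value that never carries URL credentials.
// buildReferer is a hypothetical helper; the URLs in the checks are constructed.
function buildReferer(documentUrl, targetUrl) {
  let source, target;
  try {
    source = new URL(documentUrl);
    // Resolve relative links against the referring page.
    target = new URL(targetUrl, source);
  } catch (err) {
    return null; // unparsable URL: send no Referer at all
  }

  // Only http(s) pages produce a Referer; file:, data:, about: never do.
  if (source.protocol !== 'http:' && source.protocol !== 'https:') {
    return null;
  }

  // Do not expose an HTTPS page's URL to a plain-HTTP destination.
  if (source.protocol === 'https:' && target.protocol !== 'https:') {
    return null;
  }

  // The step missing in the vulnerable versions: drop the userinfo
  // component ('user:password@') so the linked site never sees it.
  source.username = '';
  source.password = '';

  // Fragments are client-side only and do not belong in Referer either.
  source.hash = '';

  return source.href;
}
```
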

These vulnerabilities are described in the following security advisories from KDE: